Re: End of hypocrisy ?
On 8/8/2014 9:53 PM, AW wrote:
> On Fri, 8 Aug 2014 20:50:14 -0400
> Steve Litt <slitt@troubleshooters.com> wrote:
>
> > Seventh, there's 40 years of experience with text logs. Are they
> > perfect? No.
>
> The thread that doesn't die --- misinformation all over the place, and some it
> that my misinformation -- sorry 'bout that.
>
> Anyway, I feel prodded, so rebuttal...
>
> Perfect? I should definitely say not...
> a decade or so of remote exploits in no particular order:
>
> http://www.securityfocus.com/bid/10684/discuss
> http://xforce.iss.net/xforce/xfdb/43518
> http://cxsecurity.com/issue/WLB-2011020121
> http://www.securiteam.com/securitynews/5XP0K0U9GK.html
> http://www.juniper.net/security/auto/vulnerabilities/vuln3498.html
> http://www.linuxtoday.com/security/2000091801204SCRH
> http://www.cvedetails.com/cve/CVE-2000-0917/
> http://securitytracker.com/id/1019105
> http://www.redhat.com/archives/linux-security/1999-November/msg00013.html
>
> systemd with its binary file format and buffered line to and from a service
> daemon will [or should] nearly automatically take care of some very nasty
> security problems that crop up from time to time... Now, imagine if the the log
> was kept in an sql database secured with a public key or password or something
> dependent on the local machine, and the queries were properly escaped to
> prevent sql injection - something that would only need to be done once...
>
> Of course all software is broken when it comes to security. However, that's no
> reason to lay down the welcome mat.
>
> BTW: To those complaining of Firefox's use of sqlite...
>
> https://en.wikipedia.org/wiki/SQLlite
>
> The browsers Google Chrome, Opera, Safari and the Android Browser all allow
> for storing information in, and retrieving it from, a SQLite database within
> the browser, using the Web SQL Database technology. Mozilla Firefox and Mozilla
> Thunderbird store a variety of configuration data (bookmarks, cookies, contacts
> etc.) in internally managed SQLite databases, and even offer an add-on to
> manage SQLite databases.
>
> So, all major browsers except IE use sqlite.
>
> --Andrew
>
>
So rather than fix the problems, you're suggesting replacing the current
system with a different one which will not only have it's own set of
problems (many more than the ones I listed - which can't be fixed), but
won't necessarily fix the problems in the existing system.
It makes sense - NOT!
Jerry
Reply to: